Virtual Private Networksand how secure they are..

Agenda

• VPN and types of VPN• Types of encryption• SSL and Public Key Infrastructure• Diffie-Hellman Key Exchange• IPsec VPN and phases of IPsec

What is VPN?

• A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet.

Types of VPN

• Site-to-site VPN– Intranet VPN– Extranet VPN

• Remote VPN

Site-to-Site VPN

Remote VPN

Encryption• In cryptography, encryption is the process of

encoding messages or information in such a way that only authorized parties can read it.

Types of Encryption

Symmetric Encryption

Asymmetric Encryption

Asymmetric Encryption Contd.

Public Key Infrastructure

SSL – Secure Socket Layer

• SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).

SSL - Secure Socket Layer

SSL Bar – Green and Red

SSL bar and certificates cont..

What is SSL again?

SSL/HTTPS Proxy

IPsec – Internet Protocol Security

• IPsec is a protocol suite for secure IP communications that works by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

IPsec Encapsulation

Diffie-Hellman Key Exchange

• Diffie–Hellman key exchange is a specific method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols named after Whitfield Diffie and Martin Hellman.

Cryptographic Explanation

• Here is an example of the protocol, with non-secret values in blue, and secret values in red.

1. Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).

2. Alice chooses a secret integer a = 6, then sends Bob A = ga mod p1. A = 56 mod 23 = 8

3. Bob chooses a secret integer b = 15, then sends Alice B = gb mod p1. B = 515 mod 23 = 19

4. Alice computes s = Ba mod p1. s = 196 mod 23 = 2

5. Bob computes s = Ab mod p1. s = 815 mod 23 = 2

6. Alice and Bob now share a secret (the number 2).• Both Alice and Bob have arrived at the same value s, because, under mod p,

IPsec Phase-1 Messages – Main Mode

IPsec Phase-1 Messages – Aggressive Mode

IPsec Phase-2 Messages – Quick Mode

Integrity checking using hashes

Nat Traversal

Packet without IPsec encryption

IPsec Main Mode Negotiation

IPsec Aggressive Mode Negotiation

Questions?

Thank you..!!

Uday Bhatia

udaybhatia92@gmail.com https://in.linkedin.com/in/

udaybhatia92